This is a reland of commit 9cca4e60f1
This CL disables the mjsunit tests as well in single generation mode.
Original change's description:
> [heap] Handle old-to-new slot promotion to shared heap
>
> The GC might promote an in-place internalizable string from new space
> directly into the shared heap. This means that the GC might need to
> create OLD_TO_SHARED slots when updating OLD_TO_NEW slots.
>
> This CL implements this both for minor and full GCs.
>
> Bug: v8:11708
> Change-Id: I6102b9024d1dd5dd602d654b006ea5897ab5baa6
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3804604
> Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82298}
Bug: v8:11708
Change-Id: I9e96fe7c3f263d4088536d3a15af6d00fa82625e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3828099
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82540}
This fixes C++20 compile errors due to math between disparate enum types
being deprecated (e.g. ENUM_A_VAL | ENUM_B_VAL).
Bug: chromium:1284275
Change-Id: I7fc83888bb9c8156909cbc3ea1b30ef94d4a2c1f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3830986
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82539}
Baseline write barrier needs to use different page flag mask to also
call into the slow path of the barrier for old-to-shared pointers.
Bug: v8:11708
Change-Id: I955f30376f3de912b418298cdcf1e38dd2adda2e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834254
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82538}
That entails that V8 built with bazel does not support
snapshot compression.
NOTE: Snapshot compression has always been supported, but it has never
been enabled. We do not even have a flag for it.
Change-Id: I4b67db618be2c62e6a6f34e71eb0dac2ec26fa36
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834031
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82537}
The "length" field of strings should never be mutated once it has
been initialized. This means that the checks done by StringRef::length
were never really useful. This CL thus removes them.
Bug: chromium:1352386
Change-Id: I49f681daad119553eb0d4f1c2315bff5138197d7
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829541
Commit-Queue: Darius Mercadier <dmercadier@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82536}
This reverts commit 6ec7be21e6.
Reason for revert: Speculative revert for https://ci.chromium.org/ui/p/v8/builders/ci/V8%20Win64/47984/overview
Original change's description:
> [sandbox] Sandboxify WasmExportedFunctionData::sig
>
> This CL changes the WasmExportedFunctionData class to store a direct
> ExternalPointer to the wasm::FunctionSig instead of referencing it
> through a Foreign. This in turn makes it possible to use a unique
> pointer tag for that external pointer when the sandbox is enabled.
>
> Drive-by: move WasmInternalFunction::call_target external pointer to the
> end of the object, in line with other external pointer fields.
>
> Bug: v8:10391, v8:12949
> Change-Id: Ic3ff622a075c9eaa2f8d8835803437466290c928
> Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829086
> Commit-Queue: Samuel Groß <saelo@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82523}
Bug: v8:10391, v8:12949
Change-Id: I18a7c9603e30d7cd78fd599e59596015260a5818
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834259
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Owners-Override: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Auto-Submit: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82535}
Port 00746406cf
Original Commit Message:
... which affect how builtin calls are generated.
This CL replaces the following boolean options
- builtin_calls_as_table_load,
- inline_offheap_trampolines,
- short_builtin_calls,
- use_pc_relative_calls_and_jumps,
with an enum BuiltinCallJumpMode and a boolean option
use_pc_relative_calls_and_jumps_for_mksnapshot.
BUG=
LOG=N
Change-Id: I9ad83d27fc5b295ca4827e9608d4be10f7b10551
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3831638
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#82534}
.. at which time, the standard ML frame is not yet set up. Instead, an
INTERNAL frame with a few fixed tagged stack slots is created in
preparation for the runtime call in GenerateTailCallToReturnedCode.
Bug: v8:7700
Fixed: v8:13192
Change-Id: Icd7adbc25aa6a5446a43a0fb3ee70c65ee33cc5d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835683
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82533}
The range barrier needs to update the old-to-shared remembered set as
well.
Bug: v8:11708
Change-Id: I79c077bb0131f026bd8c6726100df8c5b576eaca
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3828100
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82532}
A switch can only produce a hole if it does not have fallthrough.
This actually only happens for SwitchOnGeneratorState bytecode.
We calculate the highest post dominating hole by traversing each
target.
Bug: v8:7700
Change-Id: Ia86ac08b1062dc48296e24beb95b3e3c3418ea6b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826045
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82529}
due the different offset values on BE vs LE, the field_index
is incorrect on BE causing the visited_fields_ not to be set
to false during reference iteration.
Change-Id: I8f451cee7f9a18990de7ff2c67c904b1769b4f5e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3831639
Commit-Queue: Junliang Yan <junyan@redhat.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82528}
This allows V8 to be compiled without zlib.
Currently we use zlib for 3 features:
1. Snapshot compression. The cl asserts v8_snapshot_compression
implies v8_use_zlib.
2. Compression of translation arrays (experimental flag). The runtime
flag is only enabled if v8_use_zlib.
3. Snapshot checksums. We fallback to a simple Fletcher algorithm if
v8_use_zlib is false.
Change-Id: If043c3c21bba4d734573d7e1199d3ddf17b84f41
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833817
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82527}
When a name's hash is a forwarding index, HasHashCode() and hash() now
implicitly retreive the hash from the string forwarding table.
Bug: v8:12957
Change-Id: Ibb278df16b1ae6a54c7cbe757c65d3a5210168e9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827880
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82525}
This CL changes the WasmExportedFunctionData class to store a direct
ExternalPointer to the wasm::FunctionSig instead of referencing it
through a Foreign. This in turn makes it possible to use a unique
pointer tag for that external pointer when the sandbox is enabled.
Drive-by: move WasmInternalFunction::call_target external pointer to the
end of the object, in line with other external pointer fields.
Bug: v8:10391, v8:12949
Change-Id: Ic3ff622a075c9eaa2f8d8835803437466290c928
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829086
Commit-Queue: Samuel Groß <saelo@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82523}
Very small change to the arm64 macro assembler.
This improves Preact by 0.8% on a Neoverse-N1 machine.
Change-Id: I867e73eb9b999e6f74fd54d72c6bf3f139d3b62f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833819
Commit-Queue: Martyn Capewell <martyn.capewell@arm.com>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82522}
The way we initialized the "compilation progress" was pretty convoluted,
with multiple levels of functions being called for initializing every
single slot.
This CL refactors this to compute one default value for the whole
module, and only modifies those slots that need special handling (e.g.
because of compilation hints, or lazy/eager compilation after
deserialization).
We also rename "liftoff_functions" to "eager_functions" in the
deserialization path; the idea is that those functions should get
eagerly compiled because we expect them to be needed during execution.
Usually they would be Liftoff-compiled, but it's more consistent to use
the existing logic to choose the baseline tier. In the default
configuration, this will still use Liftoff, but if Liftoff is disabled
we will use TurboFan instead.
R=jkummerow@chromium.org, ahaas@chromium.org
Bug: v8:12425
Change-Id: Ie58840b19efd0b1e98f1b02d5f1d4369410ed8e1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829606
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82521}
The Code-less builtins mode is still disabled.
Bug: v8:11880
Change-Id: I725ae4187bb394f79c69d5d0d971961e3ea406e8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3827879
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82520}
We should only tier to Sparkplug from Ignition. Previously, the
'!ActiveTierIsSparkplug' condition was correct since only Ignition (and
Sparkplug itself) entered the TieringManager. But now that Maglev is
also present, the condition must be clarified to 'ActiveTierIsIgnition'.
Bug: v8:7700
Change-Id: Ic7ea898facf9ce65407d09cead35e0181e49db31
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835562
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82519}
.. just because it's convenient to see the object type and code kind for
short prints.
Before:
- code: 0x014c00257515 <Other heap object (CODE_DATA_CONTAINER_TYPE)>
After:
- code: 0x39b7002573b1 <CodeDataContainer MAGLEV>
Bug: v8:11880
Change-Id: I02576ffdef509ed021fc5632ea19448387188130
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826255
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Auto-Submit: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82518}
M1 is known to have regression in MotionMark.
Fuchsia fails due to binary size increase.
Bug: chromium:1325007
Change-Id: I599c53bf1318dfcc7b40764e89df81b972374ed3
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3835682
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Anton Bikineev <bikineev@chromium.org>
Auto-Submit: Anton Bikineev <bikineev@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82517}
- Move InnerPointerToCodeCache to using internal callbacks.
- Refactor internal and external callbacks to use a unified interface.
Bug: v8:13184
Change-Id: If0006d324b0433f5d6bbf00b6d0fc1a2589227bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3834583
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82515}
Distinguish internalized forwarding indices from external forwarding
indices stored in a strings hash.
Bug: v8:12957
Change-Id: Ic01386a3291ac8d618cf4282aa7112e74e1b9169
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829471
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82513}
Refactoring the code dealing with TimeZone Canonicalization.
Change CanonicalizeTimeZoneName from return MaybeHandle<String> to Handle<String>
Move TimeZoneId from JSDateTimeFormat to Intl and return Handle<String> instead of Handle<Object>
Bug: v8:13112
Change-Id: I678b0e0d407e5e4e9dd8b7120c0e99e7e2d9c5ea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833435
Reviewed-by: Shu-yu Guo <syg@chromium.org>
Commit-Queue: Frank Tang <ftang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82505}
This CL changes the WasmTypeInfo class to have a direct ExternalPointer
to the native type structure instead of using a Foreign. This in turn
makes it possible to use a unique pointer tag for that external pointer
when the sandbox is enabled.
Bug: v8:10391, v8:12949
Change-Id: Ifee4d2103cabfa6a7299d0d09e06d387034e5f8f
Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829085
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Samuel Groß <saelo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82504}
The previous CL (https://crrev.com/c/3810187) caused a 86.9kB binary
size regression on arm64 Android.
The 64kB alignment is actually only needed on Linux, as Android
always uses 4kB. This reduces the binary size by 98.3kB in a local test,
resulting in a 11.4kB reduction overall (over both patches).
R=cbruni@chromium.org
Bug: v8:12887
Change-Id: If0c44d1b447e6982876a6ced8680b904613e39d5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829473
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82503}
Int32MulWithOverflow on arm64 uses a cmp to set flags rather than
the multiply instruction itself, thus we can use a left shift when
the multiplication is by a power of two.
This provides 0.15% for Speedometer2 on a Neoverse-N1 machine,
with React being improved by 0.45%.
Change-Id: Ic8db42ecc7cb14cf1ac7bbbeab0e9d8359104351
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829472
Commit-Queue: George Wort <george.wort@arm.com>
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82499}
This fixes a compile error in C++20 with comparison operator reordering.
Also does a little misc. cleanup to the adjacent code.
Bug: chromium:1284275
Change-Id: I1999c4ef2e8a201d2f1270347fe12c33c961c011
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3830987
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82497}
The {vmar.protect} API used for {SetPermissions} fails when called on
data memory with error -10 (ZX_ERR_INVALID_ARGS).
Skip fuchsia until we figure out the right API to use there.
R=cbruni@chromium.org
Bug: v8:13194
Change-Id: I20754f7212a892b8440f29658bf3db40f7745fe9
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3833820
Auto-Submit: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82494}
This is a reland of commit a19316d9d7
- Revert malloc_usable_size() changes temporarily to land them in
isolation.
- Add cosmetics from https://crrev.com/c/3827876
Original change's description:
> [heap] Rework Worklist base type
>
> Worklist uses a singly-linked list of segments to hold entries.
> Segment size was based on a compile-time constant but already stored
> in the segment itself.
>
> Rework the segments to query `malloc_usable_size()` on allocation and
> adjust the capacity properly. For PartitionAlloc, it turns out that
> there's ~20% more capacity available for the 64-element segments.
>
> This slows down actual allocation of the segments with the upside of
> improving utilization and requiring 20% less segments.
>
> Change-Id: Ib8595c3fb9fb75b02e4022f6c525bb59a2df7ab7
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3826047
> Commit-Queue: Anton Bikineev <bikineev@chromium.org>
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Anton Bikineev <bikineev@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#82432}
Change-Id: Ic8c5257cfe3c347b11eea5c513ca7f62e09f637f
Bug: v8:13193
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3829475
Reviewed-by: Anton Bikineev <bikineev@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82493}
This adds `extern.externalize(ref null any): ref null extern` to wasm
which packs wasm objects into JS objects if the js-interop flag is not set.
This is the counterpart to extern.internalize introduced in
50ec8a11f2.
Bug: v8:7748
Change-Id: I67b8fe6d70b9f526ff6c43b0a4d7861c7ff5dad0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3825879
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Matthias Liedtke <mliedtke@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82492}